author | trasz <trasz@FreeBSD.org> | 2014-02-11 11:31:08 +0000 |
---|---|---|
committer | trasz <trasz@FreeBSD.org> | 2014-02-11 11:31:08 +0000 |
commit | 7f7fd0dbc0e0dff0202586fa4aa864c47f28bfd2 (patch) | |
tree | 2669eefa08b23b6af7c0b5880733505e6d96f351 /usr.sbin/ctld | |
parent | 87a841d29adb494353457f21fbb7306271ec9d47 (diff) | |
Use "default" as default discovery-auth-group, instead of "no-access".
It doesn't change visible behaviour, as previously auth-group "default"
wasn't redefinable, so by default access was always denied.
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'usr.sbin/ctld')
-rw-r--r-- | usr.sbin/ctld/ctl.conf.5 | 8 |
-rw-r--r-- | usr.sbin/ctld/ctld.c | 3 |
2 files changed, 7 insertions, 4 deletions
diff --git a/usr.sbin/ctld/ctl.conf.5 b/usr.sbin/ctld/ctl.conf.5 index e01f37d..d44caa8 100644 --- a/usr.sbin/ctld/ctl.conf.5 +++ b/usr.sbin/ctld/ctl.conf.5 @@ -131,9 +131,11 @@ The following statements are available at the portal-group level: .It Ic discovery-auth-group Aq Ar name Assigns previously defined authentication group to that portal group, to be used for target discovery. -By default, the discovery will be denied. -A special auth-group, "no-authentication", may be used to allow for discovery -without authentication. +By default, portal groups that do not specify their own auth settings, +using clauses such as "chap" or "initiator-name", are assigned +predefined auth-group "default", which denies discovery. +Another predefined auth-group, "no-authentication", may be used +to permit discovery without authentication. .It Ic listen Aq Ar address Specifies IPv4 or IPv6 address and port to listen on for incoming connections. .It Ic listen-iser Aq Ar address diff --git a/usr.sbin/ctld/ctld.c b/usr.sbin/ctld/ctld.c index 0f20ef3..a457482 100644 --- a/usr.sbin/ctld/ctld.c +++ b/usr.sbin/ctld/ctld.c @@ -1132,7 +1132,7 @@ conf_verify(struct conf *conf) assert(pg->pg_name != NULL); if (pg->pg_discovery_auth_group == NULL) { pg->pg_discovery_auth_group = - auth_group_find(conf, "no-access"); + auth_group_find(conf, "default"); assert(pg->pg_discovery_auth_group != NULL); } @@ -1159,6 +1159,7 @@ conf_verify(struct conf *conf) break; } if (targ == NULL && ag->ag_name != NULL && + strcmp(ag->ag_name, "default") != 0 && strcmp(ag->ag_name, "no-authentication") != 0 && strcmp(ag->ag_name, "no-access") != 0) { log_warnx("auth-group \"%s\" not assigned " |
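Review bot: In the ctl.conf.5 hunk, the new sentence says unconditionally that predefined auth-group "default" "denies discovery", but the commit message describes "default" as previously not redefinable. If it can now be redefined in ctl.conf, the man page should say that it denies discovery unless the administrator redefines it, and that a redefinition then applies to every portal group without its own discovery-auth-group. The phrase about portal groups specifying "chap" or "initiator-name" clauses also deserves a second look: the context lines list discovery-auth-group, listen and listen-iser as the portal-group statements, so if those clauses are not accepted at the portal-group level, the wording will mislead readers about how to override the default.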
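Review bot: In the first ctld.c hunk (conf_verify, around line 1132), the fallback for a portal group with no discovery auth group moves from the fixed deny group "no-access" to "default", so the deny-by-default property for discovery now depends on what "default" contains rather than on a group that can only deny. That is equivalent today only because, as the commit message notes, "default" was not redefinable. Please add a comment at the auth_group_find(conf, "default") call stating this dependency, so that a later change making "default" configurable is reviewed with discovery exposure in mind. Separately, the lookup result is guarded only by assert(pg->pg_discovery_auth_group != NULL); an explicit check that logs and fails configuration verification would also hold in builds where assertions are compiled out.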
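Review bot: In the second ctld.c hunk (conf_verify, around line 1159), the "not assigned" warning now skips three predefined groups through three separate strcmp() calls on ag->ag_name, and the same literal "default" also appears in the auth_group_find() call in the previous hunk. A small helper that answers whether an auth group is predefined, or a flag set on the group when it is created, would keep the list of predefined names in one place and avoid this condition drifting out of sync the next time a predefined group is added or renamed.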